2010 Japan–South Korea cyber conflict

Short description: Online conflict

On February 23, 2010, members of DC Inside, Humoruniversity, Ruliweb, Daum Truepicture, todayhumor, and various other South Korean online communities formed the Terror Action Association (TAA) (Korean: 테러대응연합). On March 1, 2010, the TAA attacked the Japanese website 2channel, coinciding with the 91st anniversary of the March 1st Movement. Since 2004, DC Inside and 2chan have had numerous conflicts, both large and small.[1]

Summary

On February 23, 2010, users on 2chan (2channers) made offensive comments about a Korean international student who was beaten to death in Russia in the winter of 2009. "Dog died, why is it on the news?", "Kill more!", and other remarks were made. A few days prior, the Korean figure skater Yuna Kim had won the gold medal at the 2010 Vancouver Winter Olympics, and 2channers asserted that officials must have been bribed.

These expressions from 2chan flowed into DC Inside's Humor Program Gallery.[2] Netizens from DC Inside and HumorUniversity (Korean web communities) agreed that the date of the attack should be March 1, 2010, and began recruiting from other online communities such as Today's Humor, Ruliweb, and Daum.net. They formed the Terror Action Association, amassing more than 102,000 participants in a day.[3][4][5]

At 1 pm on March 1 (GMT+9), the TAA vandalized 2chan's galleries and executed a massive DDoS attack that paralyzed 2chan's servers.[6]

According to Pacific Internet Exchange, which was hosting 2chan's servers, Japanese servers had already been experiencing an increased volume of bot-driven requests from Korea since 11:40 am. Other websites affiliated with 2chan were also affected by the attack.

On the evening of March 1, 2chan servers were suspended and IP addresses from all sources of attacks were blocked.

On March 2, damages were estimated to be above $2.5 million. The main targets were 2chan's "Korea Slander Gallery", "VIP Gallery", and "Breaking News Gallery".[5]

Timeline and the aftermath

On February 24, Korean online communities noticed a series of posts on the Japanese website 2chan regarding Yuna Kim, a Korean figure skater, and the Korean international student who was murdered in Russia. Korean online communities claimed that 2chan members were accusing Yuna Kim of bribery and finding delight in the murder of the Korean student in Russia. An internet community, the Terror Action Association, was formed with the objective of carrying out a cyberattack on 2chan on March 1, 2010. Although the TAA prohibited the distribution or use of illegal software, members continued to distribute illegal software leading up to the day of the attack.

On February 25, around midnight, Japanese posts appeared on DC Inside's comedy gallery, and its users claimed that the servers had slowed down and interpreted these as signs of a preemptive attack from 2chan.[7] Korean posts appeared on 2chan's Korean threads as well; however, Japanese did not appear on 2chan's Korean galleries.[8] Within a few minutes, the DC Inside servers returned to their usual speeds.

On February 26, attacks were carried out on 2chan's Yaoi forum. During the figure skating short program of the Vancouver Olympics that took place a few days before the attack, Yuna Kim took the lead over Mao Asada by a meager 5 points and won the gold medal. 2channers suggested that Yuna Kim won the gold medal through bribery. However, whether this attack really originated from Korean users is unclear, because the vandalism that appeared on 2chan's website did not contain any Korean but only English phrases such as "I'm Korean."

On February 28, a committee of 2channers scheduled two rounds of attacks on DC Inside at 8 pm and 9 pm within 30-minute windows. These attacks proved to be ineffective. The upcoming cyber war began attracting attention from the press.

At 1 pm on March 1, the TAA began the attack in two teams: one team vandalized the website, and the other carried out a DDoS attack.[2] At 1:03 pm, only three minutes after the initiation of the attack, 2chan's VIP gallery was paralyzed. At 1:13 pm, five servers were paralyzed. At 1:16 pm, the main channel's login requests started to be affected. At 1:22 pm, all but two of the thirty-three 2chan servers were paralyzed. At 1:44 pm, the entire server was down.[2] At 2:13 pm, 2chan's main page was hacked and replaced with a page containing the Korean flag.[2] At 2:43 pm, naver.com blocked Japanese IPs. At 3:35 pm, 2chan blocked Korean IPs, but the servers were not yet restored.

A Korean student in Japan spied on the Japanese plans for retribution. At 6 pm, it was discovered that a website had plans for attacking the Blue House website. However, some Koreans who disliked Lee Myung Bak (the Korean president at the time of the attack) participated in this attack. The Blue House shortly blocked Japanese IPs. At 6:11 pm, the Voluntary Agency Network of Korea (VANK) homepage started receiving attacks and was paralyzed for about 1 hour but was soon restored. It has been rumored that some of VANK's routers exploded from the attack. At 6:38 pm, attacks on the Comedy Program Gallery began, but the attacks were deflected in four minutes. At 8:43 pm, organizers from 2chan declared the end of the attacks. At 9:35 pm, 2chan had been effectively downed for 8 hours, and MBC reported on the outcome.[2]

Around 6 pm on the following day, the servers began to be restored (at 8 pm, most of the servers were running normally). At 7 pm, another attack on VANK was made without success, which prompted a retaliatory attack from the TAA that downed the control server of 2chan. Around 8 pm, attacks were again initiated by 2chan, but failed. At 10 pm, VANK blocked all Japanese IPs.

On March 5, 2chan provisionally suspended attacks and promised to strike on August 15. On August 15, the attacks were announced, but the day passed without offense from either side. A Korean gaming portal was downed that day, but it was confirmed that this was not an attack from Japan. A lot of fingers were pointed, including at China and at business establishments, and some speculated that it was an inside job by DC Inside. The Japanese Wiki article on this topic claims that VANK had a main role in this attack.

Outcome

Connecting to 2chan was impossible from the morning of March 1 until the evening of March 2, when the attacks shrank and a portion of the servers partially recovered.[9][10] The next day, about a third of the servers were restored, and by the evening all but the Dubai server were completely restored. The Dubai server was never completely restored due to damage. According to 2chan administrators, recovering the data on the Dubai server was difficult, and it was stated that the gallery would be opening on a different server.[11]

The webpages of VANK and the Blue House were slowed down due to the attacks. There were reports that routers at VANK exploded; however, VANK had merely blocked Japanese IPs.

Reactions and responses

  • Pacific Internet Exchange, the managing company of 2chan's servers, declared on March 2 that they were preparing to investigate this event as a cyber-terrorism attack in collaboration with the US's Federal Bureau of Investigation (FBI),[12] by collecting and analyzing data related to this attack. However, the investigation was not actually carried out. This cyber warfare collaterally impacted some US agencies. Management of Big-server.com stated that a German who carried out cyber-attacks was arrested in the US and sentenced to two years. However, it was later confirmed that this scenario was fantasized by 2chan users, and that a US journalist had picked up on it and published an article without checking the details. Because the FBI investigates activity that occurs within the United States, it is unlikely that they have actually investigated this cyber war. The CIA, on the other hand, may investigate this incident in collaboration with South Korean or Japanese intelligence agencies, police forces, etc., with the approval of ministries on both ends (Japan has no official collective intelligence agency; instead there are intelligence clusters such as the Chief Cabinet Secretary's intelligence investigators, the Ministry of Justice's Public Inspection Agency, the National Police Agency Security Bureau, and the Defense Agency).[13][14][15]
  • The head of Voluntary Agency Network of Korea (VANK) stated, "Japan has hurt their own reputation in the eyes of the international society", "Inflicting F5 attacks is no different than what Japan did. We must ignore them."[16]
  • JoongAng Daily: Editorials criticized both the way that Japanese netizens reacted to not winning the gold medal and the way Korean netizens similarly reacted to the Japanese netizens.[17]
  • Korea Communications Commission stated that they are obtaining a holistic profile of this case and preparing measures. They stated, "We are worried about how to protect [Korean] netizens if this case evolves into a dispute between the two countries."[18]
  • Matsumoto Tetsujo, representative of the SoftBank Group, wrote on his blog, "If Japanese right-wing truly has the ability and the sense of duty for the country, and if there is a site with anti-Japanese sentiments, whether it is Korean or Chinese, why don't they also try gathering total power and launching a multi-scale assault just like the Koreans?"[19][20]

References

  1. "한국 네티즌 일본 사이트 공격". http://www.dt.co.kr/contents.html?article_no=2010030202010251739002. 
  2. Yu Kim (March 1, 2010). "Epic Cyber War (Full Story): Japan V.S Korea". http://inewp.com/?p=1086. 
  3. 한·일 누리꾼, '3.1절 사이버 전쟁', YTN
  4. "한일양국에서〈삼일절 사이버 전쟁〉 움직임 김연아 비방 사이트 狙い 국내 넷 유저〈오늘 대대적 공격〉". 중앙일보. March 1, 2010. http://japanese.joins.com/article/article.php?aid=126716&servcode=400&sectcode=430. 
  5. "김연아를 비방한 일본의 사이트가 다운". 중앙일보. March 2, 2010. http://japanese.joins.com/article/article.php?aid=126743&servcode=400&sectcode=430. 
  6. "韓 네티즌, 한국 비방 日사이트 2ch 공격 초토화". 맥스무비. March 1, 2010. http://www.maxmovie.com/movie_info/ent_news_view.asp?mi_id=MI0087744109. 
  7. "20100225002408.jpg (730x600 pixels)". http://img294.imageshack.us/img294/3997/20100225002408.jpg. 
  8. "20100225005031.jpg (642x500 pixels)". http://img138.imageshack.us/img138/9391/20100225005031.jpg. 
  9. "(cache) Graph: 2chtotal" (in ja). March 3, 2010. http://megalodon.jp/2010-0303-1141-03/traffic.maido3.com/VLpv/rTU0/h1Od/. 
  10. "(cache) 2ちゃんねる サーバ負荷監視所". March 2, 2010. http://megalodon.jp/2010-0302-1956-18/ch2.ath.cx/. 
  11. "2ちゃんねる復活への奇跡の軌跡". http://ula.cc/phoenix/. 
  12. "2chサーバのデータセンター、「サイバーテロ」として米機関に調査依頼へ". https://www.itmedia.co.jp/news/articles/1003/02/news070.html. 
  13. 2ちゃんねる攻撃で米企業がFBIと法的措置検討 損害2億2千万円 産経新聞 2010.3.2閲覧
  14. "2ちゃん攻撃は国際犯罪 FBIが首謀者割り出し捜査へ : J-CASTニュース". J-CASTニュース. March 3, 2010. http://www.j-cast.com/2010/03/03061510.html?p=all. 
  15. "Men indicted over cyberattacks". http://www.channel4.com/news/articles/science_technology/men+indicted+over+cyber+attacks/2487967. 
  16. 반크 박기태 단장 "한일 사이버전쟁, 결국 제살깎아먹기" 민일보 《쿠키뉴스》, 2010년 03월 02일
  17. (in Japanese) 【社説】日本ネチズンの行きすぎた行動…勝った私たちが負けよう 중앙일보 일어판, 2010년 3월 3일
  18. 한·일 사이버대전 FBI 손으로, 《경제투데이》
  19. "아고라 : 사이버테러의 문제 - 마쓰모토 데쓰조". http://agora-web.jp/archives/956747.html. 
  20. "松本 徹三- SBI Business 公式プロフィール". http://www.sbibusiness.com/pub/tetsuzomatsumoto.